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Claims 

1 . A filter for an open system interconnection layer2 traffic separation in 

at least one Access Switching Router (42, 44) in a network (40), having ports in the routers 
5 (42, 44) configured to the same virtual local area network, said filter filtering data packet 
traffic to said ports, characterized in that it comprises: 

means for intercepting layer2 traffic from a network connected source device 
(HostA, HostB) for a Media Access Control address belonging to said virtual local area 
network, determining if traffic is permitted to be forwarded to other ports; 
10 means for intercepting Address Resolution Protocol broadcasts in such traffic, 

responding to said broadcast to said source device(HostA, HostB) regardless of if a 
destination device layer2 domain is the same as source device layer2 domain, said source 
device (HostA, HostB) thus determining that the broadcast has acknowledged the layer2 
address of a sought destination device (HostC, HostD), whereby the source device (HostA, 
1 5 HostB) transmits data packets to the destination device (HostC, HostD), said routers receiving 
said transmitted data packets; 

means for determining the egress port to said destination device; 

means for determining the layer2 address of said destination device (HostC, 

HostD); 

20 means for adjusting the layer2 header from said received data packet, said 

means for setting the source layer2 address, setting said routers source address for the data 
packets, said means for determining the layer2 address of the destination device (HostC, 
HostD), setting the destination layer2 address to that of the destination device (HostC, 
HostD) , transmitting the data packet to the destination device (HostC, HostD); and 

25 thus simulating that if the source device (HostA, HostB) and destination device 

(HostC, HostD) is in the same layer2 domain, the router layer2 address is the actual 
destination address both for the source and destination device, or simulating that if the source 
device and destination device are not in the same layer2 domain but in the same layer3 subnet, 
the router layer2 address is the actual destination layer2 address for the source to the 

30 destination. 

2. A filter according to claim 1 , characterized in that a port that resides in a 
sub router (42, 44) is provided with said routers (42, 44) layer2 address when addressing the 
destination device (HostC). 
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3. A filter according to claims 1 or 2, characterized in a the router (42, 44) is 
investigating the source and/or destination address to determine the best exit port for the 
packet, to determine if the packet is in profile for rate-limiting, or to do other filtering based 
on information in the open system interconnection layer3 and higher protocol layers. 
5 4. A filter according to claims 1 -3, characterized in that a router (42, 44) is a 

combination of a layer2 switch and a layer3 router, combining the capabilities of layer2 
switching with advanced packet control and forwarding decisions in a layer3 router. 

5. A filter according to claims 1 -4, characterized in that it is providing the 
use of one IP subnet, spreading it over several premises and a multiple of Access Switching 

10 Router and the same subnet in multiple layer2 domains, whereby it is covering more 
customers. 

6. A filter according to claim 5, characterized in that it is providing a 
customer having multiple computers to receive more addresses. 

7. A method for a filter for an open system interconnection layer2 traffic 

15 separation in at least one Access Switching Router (42, 44) in a network (40), having ports in 
the routers (42, 44) configured to the same virtual local area network, said filter filtering data 
packet traffic to said ports, characterized in that it comprises: 

intercepting layer2 traffic from a network connected source device (HostA, 
HostB) for a Media Access Control address belonging to said virtual local area network, 

20 determining if traffic is permitted to be forwarded to other ports; 

intercepting Address Resolution Protocol broadcasts in such traffic, responding 
to said broadcast to said source device(HostA, HostB) regardless of if a destination device 
layer2 domain is the same as source device layer2 domain, said source device (HostA, HostB) 
thus determining that the broadcast has acknowledged the layer2 address of a sought 

25 destination device (HostC, HostD), whereby the source device (HostA, HostB) transmits data 
packets to the destination device (HostC, HostD), said routers receiving said transmitted data 
packets; 

determining the egress port to said destination device; 

determining the layer2 address of said destination device (HostC, HostD); 
30 adjusting the layer2 header from said received data packet, said 

means for setting the source layer2 address, setting said routers source address for the data 
packets, said means for determining the layer2 address of the destination device (HostC, 
HostD), setting the destination layer2 address to that of the destination device (HostC, 
HostD) , transmitting the data packet to the destination device (HostC, HostD); and 
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thus simulating that if the source device (HostA, HostB) and destination device 
(HostC, HostD) is in the same layer2 domain, the router layer2 address is the actual 
destination address both for the source and destination device, or simulating that if the source 
device and destination device are not in the same layer2 domain but in the same layer3 subnet, 
5 the router layer2 address is the actual destination layer2 address for the source to the 
destination. 

8. A method for a filter according to claim 7, characterized in that a port that 
resides in a sub router (42, 44) is provided with said routers (42, 44) layer2 address when 
addressing the destination device (HostC). 
10 9. A method for a filter according to claims 7 or 8, characterized in that a 

router (42, 44) is investigating the source and/or destination address to determine the best exit 
port for the packet, to determine if the packet is in profile for rate-limiting, or to do other 
filtering based on information in the open system interconnection layer3 and higher protocol 
layers. 

15 1 0. A method for a filter according to claims 7-9, characterized in that a 

router (42, 44) is a combination of a layer2 switch and a layer3 router, combining the 
capabilities of layer2 switching with advanced packet control and forwarding decisions in a 
layer3 router. 

1 1 . A method for a filter according to claims 7-10, characterized in that it is 
20 providing the use of one IP subnet, spreading it over several premises and a multiple of 

Access Switching Router and the same subnet in multiple layer2 domains, whereby it is 
covering more customers. 

1 2. A method for a filter according to claim 1 1 , characterized in that it is 
providing a customer having multiple computers to receive more addresses. 

25 



